@marlin @wnelson03 Yeah, as this discussion: Discussion about U2F vs FIDO2 passkeys for Bitwarden Two-Step Login was “outsourced” from this thread here, maybe some terminology:
-
This thread is about FIDO2-credentials as 2FA. Bitwarden calls them inaccurately “passkeys”, though they are not passkeys per definition of the FIDO alliance, since they are non-discoverable credentials. (though there is some not quite proven speculation, if Bitwarden might create them - or at least the “other side” stores them - also as discoverable credentials under certain circumstances)
-
Then there is the “login-with-passkey”-feature of Bitwarden. Here, Bitwarden indeed creates “discoverable credentials” = passkeys. And only here come “with encryption”/PRF etc. into play. But this whole second point here is not what this feature request is about. PS: A feature request for this point: Support more than 5 passkeys for passwordless login
PS: And if you insist on using the term “passkey” for both FIDO2-Bitwarden-credentials (as 2FA vs. as “login-with-passkey”), please at least make sure of which of both types you are talking. 